Closed 79ho3ein closed 3 months ago
Hi @79ho3ein.
This is not an error because it is the error text that WP returns, so it is displayed in the form
if you want to change the error text, you can use the action wp_login_failed
add_action(
'wp_login_failed',
function ( $username, $wp_error ) {
//Change error text when incorrect password
if( isset( $wp_error->errors['incorrect_password'] ) ){
$wp_error->remove( 'incorrect_password' );
$wp_error->add( 'incorrect_password', 'Your password is incorrect' );
}
//Change error text when invalid username
if( isset( $wp_error->errors['invalid_username'] ) ){
$wp_error->remove( 'invalid_username' );
$wp_error->add( 'invalid_username', 'Your login is incorrect' );
}
//Change error text when invalid email
if( isset( $wp_error->errors['invalid_email'] ) ){
$wp_error->remove( 'invalid_email' );
$wp_error->add( 'invalid_email', 'Your email is wrong!' );
}
}, 10, 2
);
Great, thank you @Crocoblock
Hi crocoblock team,
I have created a login form using jet form builder. This form has a username field and a password field. The problem is that if one of these two fields is entered incorrectly by the user, the error that is displayed will tell the person (who can be an attacker) which one of the fields is entered correctly and which one is wrong! For example, I entered the username correctly, but entered the password incorrectly. See the following error :
Error: The password you entered for the username crocoblock2024 is incorrect. Lost your password?
Please add this option so we can customize the error text. For example: username or password is wrong.
This simple thing will improve the security of the login form.
Is there a quick fix (code) for that?
thank you